Skip to content

Latest commit

 

History

History
144 lines (93 loc) · 4.67 KB

README.md

File metadata and controls

144 lines (93 loc) · 4.67 KB


Languages

Solidity Bash Bash

Technologies

Linux GitHub Solidity Foundry GithubActions


🔐 Security Audits: Safeguarding Your Codebase 🛡️

Security Audit Steps

  1. Initial Review
    • Scoping
    • Reconnaissance
    • Vulnerability identification
    • Reporting
  2. Protocol fixes
    • Fixes issues
    • Retests and adds tests
  3. Mitigation Rewiew
    • Reconnaissance
    • Vulnerability identification
    • Reporting

first Audit Password Storage Link:-https://sepolia.etherscan.io/address/0x2ecf6ad327776bf966893c96efb24c9747f6694b#code

First Step check For compiliance with Rekt Test

The Rekt Test Questions

   1. Do you have all actors, roles, and privileges documented?
   2. Do you keep documentation of all the external services, contracts, and oracles you rely on?
   3. Do you have a written and tested incident response plan?
   4. Do you document the best ways to attack your system?
   5. Do you perform identity verification and background checks on all employees?
   6. Do you have a team member with security defined in their role?
   7. Do you require hardware security keys for production systems?
   8. Does your key management system require multiple humans and physical steps?
   9. Do you define key invariants for your system and test them on every commit?
   10. Do you use the best automated tools to discover security issues in your code?
   11. Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program?
   12. Have you considered and mitigated avenues for abusing users of your system?

How to Evaluate Findings Impact on the protocol:

https://docs.codehawks.com/hawks-auditors/how-to-evaluate-a-finding-severity


High Impact:

    1. Funds are directly or nearly directly at risk.

    2. There's a severe disruption of protocol functionality or availability.

Medium Impact:

    1. Funds are indirectly at risk.

    2. There's some level of disruption to the protocol's functionality or availability.

Low Impact:

    1. Funds are not at risk.

    2. However, a function might be incorrect, state might not be handled appropriately, etc.

Static Analysis tools:

  • Slither
    • slither .
  • Aderyn
    • aderyn --root .

📚 Resources

Let's work together to build secure and resilient applications! 🔒✨